There are SSH fingerprints published for each of the CVS servers. Alternatively, you use the patch files which are signed. There aren't so many of them that's it hard to catch up.
Tim. On Tue, Sep 30, 2014 at 10:37 AM, Alan McKay <[email protected]> wrote: > On Tue, Sep 30, 2014 at 10:27 AM, Stefan Olsson > <[email protected]> wrote: > > I don't do this myself, but stable="patch branch", i.e. release + > patches. > > All info you need is really in these two pages: > > Yes, I have it working great already. But at no point during that > process does it have me verify that the source code I have downloaded > is safe and came from the place I was expecting to get it from. > > That's the part I'm asking about. > > thanks, > -Alan > > -- > "Don't eat anything you've ever seen advertised on TV" > - Michael Pollan, author of "In Defense of Food"
